From a63f7e5659a77ef290501153f1dc80122ff27de7 Mon Sep 17 00:00:00 2001 From: abraunegg Date: Wed, 28 Jan 2026 21:18:25 +1100 Subject: [PATCH] Fix Bug #3622:Fix OAuth authorisation code parsing and encoding during token redemption (#3625) Fix an issue where OAuth authorisation codes containing non-alphanumeric characters were truncated or incorrectly transmitted during token redemption. The client now captures the full `code` query parameter from the redirect URI and ensures it is correctly form-encoded when posting to the token endpoint. Authorization codes are treated as opaque values and relayed exactly as returned by Microsoft, preventing AADSTS70000 errors caused by client-side parsing assumptions. --- src/onedrive.d | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/onedrive.d b/src/onedrive.d index 5269f594..fa35aff1 100644 --- a/src/onedrive.d +++ b/src/onedrive.d @@ -795,13 +795,15 @@ class OneDriveApi { } // match the authorisation code - auto c = matchFirst(response, r"(?:[\?&]code=)([\w\d-.]+)"); + auto c = matchFirst(strip(response), r"(?:[?&]code=)([^&]+)"); + if (c.empty) { addLogEntry("An empty or invalid response uri was entered"); return false; } c.popFront(); // skip the whole match - redeemToken(c.front); + string authCode = decodeComponent(c.front); + redeemToken(authCode); return true; } } @@ -1252,13 +1254,13 @@ class OneDriveApi { (*headers)["Prefer"] = "Include-Feature=AddToOneDrive"; } - private void redeemToken(char[] authCode) { - char[] postData = + private void redeemToken(string authCode) { + string postData = "client_id=" ~ clientId ~ - "&redirect_uri=" ~ redirectUrl ~ - "&code=" ~ authCode ~ + "&redirect_uri=" ~ encodeComponent(redirectUrl) ~ + "&code=" ~ encodeComponent(authCode) ~ "&grant_type=authorization_code"; - acquireToken(postData); + acquireToken(postData.dup); } private void acquireToken(char[] postData) {